From 08f901b0086444209c4e37cbfc223cec3498d227 Mon Sep 17 00:00:00 2001
From: dan <dan@noemail.net>
Date: Mon, 25 May 2015 19:24:36 +0000
Subject: [PATCH] Have the b-tree layer return SQLITE_CORRUPT to any attempt to
 open a cursor with a root page number less than 1.

FossilOrigin-Name: aa18c8e9d1676b1caa53bc5f5c1dc5f201089b88
---
 manifest           | 14 +++++++-------
 manifest.uuid      |  2 +-
 src/btree.c        | 10 +++++++---
 test/corruptI.test | 21 +++++++++++++++++++++
 4 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/manifest b/manifest
index a97e1a70aa..bf3cc78749 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\scouple\sof\sbtree\sasserts\sthat\swould\sfail\swhen\sencountering\s32-bit\srollover\sin\scell\spayload\ssize\sfields\s(cell\spayloads\sthis\slarge\salways\sindicate\scorruption).
-D 2015-05-25T18:47:26.960
+C Have\sthe\sb-tree\slayer\sreturn\sSQLITE_CORRUPT\sto\sany\sattempt\sto\sopen\sa\scursor\swith\sa\sroot\spage\snumber\sless\sthan\s1.
+D 2015-05-25T19:24:36.961
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 0a6ae26396ec696221021780dffbb894ff3cead7
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -192,7 +192,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
 F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
 F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c 91a435b34d35e715ce7acea0b4844030b955f32c
+F src/btree.c a5beb7f19f9bacbad2bd5ebf8e34e327de7a6656
 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
 F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4
 F src/build.c d5d9090788118178190c5724c19f93953b8c7a4e
@@ -452,7 +452,7 @@ F test/corruptE.test 193b4ca4e927e77c1d5f4f56203ddc998432a7ee
 F test/corruptF.test be9fde98e4c93648f1ba52b74e5318edc8f59fe4
 F test/corruptG.test 1ab3bf97ee7bdba70e0ff3ba2320657df55d1804
 F test/corruptH.test 5dd4fa98c6c1ed33b178f9e8a48c4fdd3cfc9067
-F test/corruptI.test bcb2aa4e7d881a6b64f6bb90630906820e13f8e4
+F test/corruptI.test 79fd060a42a965df1274f5ef5cba4d74bef7c892
 F test/corruptJ.test 9e29e7a81ee3b6ac50f77ea7a9e2f3fa03f32d91
 F test/cost.test 19d314526616ce4473eb4e4e450fcb94499ce318
 F test/count.test cb2e0f934c6eb33670044520748d2ecccd46259c
@@ -1278,7 +1278,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 97806a78142b15f89878e25ee70dc5b0524d6793
-R 0d20a2d5be2933ea91911d50d1989d04
+P 8fa0937a2f3476dd280259e252d6f422c33d38ee
+R 1745897e1e5c334cb77f7423f9fe4000
 U dan
-Z a82c82ed9d895f4cf06b3ec1a9c1aaf1
+Z 702c8f83eb7e3fb57102175733730dbd
diff --git a/manifest.uuid b/manifest.uuid
index 89e18e7891..988034ee1f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8fa0937a2f3476dd280259e252d6f422c33d38ee
\ No newline at end of file
+aa18c8e9d1676b1caa53bc5f5c1dc5f201089b88
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 3f1082e394..1e27a9cde4 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -3888,9 +3888,13 @@ int sqlite3BtreeCursor(
   BtCursor *pCur                              /* Write new cursor here */
 ){
   int rc;
-  sqlite3BtreeEnter(p);
-  rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
-  sqlite3BtreeLeave(p);
+  if( iTable<1 ){
+    rc = SQLITE_CORRUPT_BKPT;
+  }else{
+    sqlite3BtreeEnter(p);
+    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
+    sqlite3BtreeLeave(p);
+  }
   return rc;
 }
 
diff --git a/test/corruptI.test b/test/corruptI.test
index 2230205da8..a7490221fd 100644
--- a/test/corruptI.test
+++ b/test/corruptI.test
@@ -204,5 +204,26 @@ do_test 6.1 {
   execsql { DELETE FROM t1 WHERE rowid=2 }
 } {}
 
+#-------------------------------------------------------------------------
+# See what happens if the sqlite_master entry associated with a PRIMARY
+# KEY or UNIQUE index is removed. 
+#
+reset_db
+do_execsql_test 7.0 {
+  CREATE TABLE t1(x PRIMARY KEY, y);
+  INSERT INTO t1 VALUES('a', 'A');
+  INSERT INTO t1 VALUES('b', 'A');
+  INSERT INTO t1 VALUES('c', 'A');
+  SELECT name FROM sqlite_master;
+} {t1 sqlite_autoindex_t1_1}
+do_execsql_test 7.1 {
+  PRAGMA writable_schema = 1;
+  DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1';
+}
+do_test 7.2 {
+  db close
+  sqlite3 db test.db
+  catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 }
+} {1 {database disk image is malformed}}
 
 finish_test
-- 
2.39.5